Total CVEs

142,714

Critical Severity

4,025

High Severity

14,400

Last 7 Days

1,392
Quick preset (or use dates below)
Clear Filters
📅 Showing Year: 2026 (January 1 - December 31, 2026) View All Years →
Showing 18,981 - 19,000 of 39,119 CVEs
CVE-2026-0930 MEDIUM - 4.3

Potential read out of bounds case with wolfSSHd on Windows while handling a terminal resize request. An authenticated user could trigger the out of bounds read after establishing a connection which would leak the adjacent stack memory to the pseudo-console output.

Vendor: wolfssh
Product: wolfssh
Published: Apr 20, 2026
Source: NVD
CVE-2026-5928 HIGH - 7.5

Calling the ungetwc function on a FILE stream with wide characters encoded in a character set that has overlaps between its single byte and multi-byte character encodings, in the GNU C Library version 2.43 or earlier, may result in an attempt to read bytes before an allocated buffer, potentially res...

Vendor: gnu
Product: glibc
Published: Apr 20, 2026
Source: NVD
CVE-2026-5450 CRITICAL - 9.8

Calling the scanf family of functions with a %mc (malloc'd character match) in the GNU C Library version 2.7 to version 2.43 with a format width specifier with an explicit width greater than 1024 could result in a one byte heap buffer overflow.

Vendor: gnu
Product: glibc
Published: Apr 20, 2026
Source: NVD
CVE-2026-5358 CRITICAL - 9.1

Rejected reason: REJECTED: CVE-2026-5358 is rejected for two reasons. Firstly it has been discovered that no NIS+ client or server was ever released for any Linux-based OS distributions and as such this makes the API provisional and unused. Secondly it has been discovered that the NIS+ cold start c...

Published: Apr 20, 2026
Source: NVD
CVE-2026-4852 MEDIUM - 6.4

The Image Source Control Lite – Show Image Credits and Captions plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Image Source' attachment field in all versions up to, and including, 3.9.1 due to insufficient input sanitization and output escaping. This makes it po...

Published: Apr 20, 2026
Source: NVD
CVE-2026-34403 HIGH - 8.1

Nginx UI is a web user interface for the Nginx web server. Prior to version 2.3.5, all WebSocket endpoints in nginx-ui use a gorilla/websocket Upgrader with CheckOrigin unconditionally returning true, allowing Cross-Site WebSocket Hijacking (CSWSH). Combined with the fact that authentication tokens ...

Vendor: 0xJacky
Product: nginx-ui
Published: Apr 20, 2026
Source: NVD
CVE-2026-33626 HIGH - 7.5

LMDeploy is a toolkit for compressing, deploying, and serving large language models. Versions prior to 0.12.3 have a Server-Side Request Forgery (SSRF) vulnerability in LMDeploy's vision-language module. The `load_image()` function in `lmdeploy/vl/utils.py` fetches arbitrary URLs without valida...

Vendor: InternLM
Product: lmdeploy
Published: Apr 20, 2026
Source: NVD
CVE-2026-33432 CRITICAL - 9.1

Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. In versions up to and including 8.2.8.2, when LDAP authentication is enabled, Roxy-WI constructs an LDAP search filter by directly concatenating the user-supplied login username into the filter string without esca...

Vendor: roxy-wi
Product: roxy-wi
Published: Apr 20, 2026
Source: NVD
CVE-2026-33431 MEDIUM - 6.5

Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. Prior to version 8.2.6.4, the POST /config/<service>/show API endpoint accepts a configver parameter that is directly appended to a base directory path to construct a local file path, which is subsequently o...

Vendor: roxy-wi
Product: roxy-wi
Published: Apr 20, 2026
Source: NVD
CVE-2026-33031 HIGH - 8.1

Nginx UI is a web user interface for the Nginx web server. Prior to version 2.3.4, a user who was disabled by an administrator can use previously issued API tokens for up to the token lifetime. In practice, disabling a compromised account does not actually terminate that user’s access, so an attacke...

Vendor: 0xJacky
Product: nginx-ui
Published: Apr 20, 2026
Source: NVD
CVE-2026-32613 CRITICAL - 9.9

Spinnaker is an open source, multi-cloud continuous delivery platform. Echo like some other services, uses SPeL (Spring Expression Language) to process information - specifically around expected artifacts. In versions prior to 2026.1.0, 2026.0.1, 2025.4.2, and 2025.3.2, unlike orca, it was NOT restr...

Vendor: spinnaker
Product: spinnaker
Published: Apr 20, 2026
Source: NVD
CVE-2026-32604 CRITICAL - 9.9

Spinnaker is an open source, multi-cloud continuous delivery platform. In versions prior to 2026.1.0, 2026.0.1, 2025.4.2, and 2025.3.2, a bad actor can execute arbitrary commands very simply on the clouddriver pods. This can expose credentials, remove files, or inject resources easily. Versions 2026...

Vendor: spinnaker
Product: spinnaker
Published: Apr 20, 2026
Source: NVD
CVE-2026-29648 HIGH - 8.8

In OpenXiangShan NEMU, when Smstateen is enabled, clearing mstateen0.ENVCFG does not correctly restrict access to henvcfg and senvcfg. As a result, less-privileged code may read or write these CSRs without the required exception, potentially bypassing intended state-enable based isolation controls i...

Published: Apr 20, 2026
Source: NVD
CVE-2026-29647 MEDIUM - 6.5

In OpenXiangShan NEMU, insufficient Smstateen permission enforcement allows lower-privileged code to access IMSIC state via stopei/vstopei CSRs even when mstateen0.IMSIC is cleared, potentially enabling cross-context information leakage or disruption of interrupt handling.

Published: Apr 20, 2026
Source: NVD
CVE-2026-29646 CRITICAL - 9.8

In OpenXiangShan NEMU prior to 55295c4, when running with RVH (Hypervisor extension) enabled, a VS-mode guest write to the supervisor interrupt-enable CSR (sie) may be handled incorrectly and can influence machine-level interrupt enable state (mie). This breaks privilege/virtualization isolation and...

Published: Apr 20, 2026
Source: NVD
CVE-2026-29642 HIGH - 7.8

A local attacker who can execute privileged CSR operations (or can induce firmware to do so) performs carefully crafted reads/writes to menvcfg (e.g., csrrs in M-mode). On affected XiangShan versions (commit aecf601e803bfd2371667a3fb60bfcd83c333027, 2024-11-19), these menvcfg accesses can unexpected...

Published: Apr 20, 2026
Source: NVD
CVE-2026-6550 MEDIUM - 4.7

Cryptographic algorithm downgrade in the caching layer of Amazon AWS Encryption SDK for Python before version 3.3.1 and before version 4.0.5 might allow an authenticated local threat actor to bypass key commitment policy enforcement via a shared key cache, resulting in ciphertext that can be decryp...

Vendor: pip
Product: aws-encryption-sdk
Published: Apr 20, 2026
Source: NVD
CVE-2026-6257 CRITICAL - 9.1

Vvveb CMS v1.0.8 contains a remote code execution vulnerability in its media management functionality where a missing return statement in the file rename handler allows authenticated attackers to rename files to blocked extensions .php or .htaccess. Attackers can exploit this logic flaw by first upl...

Published: Apr 20, 2026
Source: NVD
CVE-2026-6249 HIGH - 8.8

Vvveb CMS 1.0.8 contains a remote code execution vulnerability in its media upload handler that allows authenticated attackers to execute arbitrary operating system commands by uploading a PHP webshell with a .phtml extension. Attackers can bypass the extension deny-list and upload malicious files t...

Published: Apr 20, 2026
Source: NVD
CVE-2026-5478 HIGH - 8.1

The Everest Forms plugin for WordPress is vulnerable to Arbitrary File Read and Deletion in all versions up to, and including, 3.4.4. This is due to the plugin trusting attacker-controlled old_files data from public form submissions as legitimate server-side upload state, and converting attacker-sup...

Published: Apr 20, 2026
Source: NVD